Security of Data from Public - Using Cloud Storage

Transcription

1 Security of Data from Public - Using Cloud Storage T.Gopika #1, J.Haripriya #2, R.Ilakiyashri #3, S.Praveenkumar #4 UG Student, Dept. of CSE, Anand Institute of Higher Technology, Chennai, Tamil Nadu, India 1 UG Student, Dept. of CSE, Anand Institute of Higher Technology, Chennai, Tamil Nadu, India 2 UG Student, Dept. of CSE, Anand Institute of Higher Technology, Chennai, Tamil Nadu, India 3 Assistant Professor, Dept. of CSE, Anand Institute of Higher Technology, Chennai, Tamil Nadu, India 4 ABSTRACT: In this project, we propose a public auditing scheme for the regenerating-code-based cloud storage. To solve the regeneration problem of failed authenticators in the absence of data owners, we introduce a proxy, which is privileged to regenerate the authenticators, into the traditional public auditing system model. Moreover, we design a novel public verifiable authenticator, which is generated by a couple of key sand can be regenerated using partial keys. Thus, our scheme can completely release data owners from online burden. In addition, we randomize the encode coefficients with a pseudorandom function to preserve data privacy. Extensive security analysis shows that our scheme is provable secure under random oracle mode land experimental evaluation indicates that our scheme is highly efficient and can be feasibly integrated into the regenerating code-based cloud storage. KEYWORDS: long hospital stays and expensive, reduce the waiting time, tracks the location and call recording, emergency first aid details. I. INTRODUCTION Cloud computing storage is now gaining popularity because offers a flexible on-demand data outsourcing service with appealing benefits: relief of the burden for storage management universal data access with location independence, and avoidance of capital expenditure on hardware, software, and personal maintenances, etc., Nevertheless, this new paradigm of data hosting service also brings new security threats toward users data, thus making individuals or enterprisers still feel hesitant. It is noted that data owners lose ultimate control over the fate of their outsourced data; thus, the correctness, availability and integrity of the data are being put at risk. On the one hand, the cloud service is usually faced with a broad range or corrupt users data; on the other hand, the cloud service providers may act dishonestly, attempting to hide data loss or corruption and claiming that the files are still correctly stored in the cloud for reputation or monetary reasons. Thus it makes great sense for users to implement an efficient protocols to perform periodical verifications of their outsourced data to ensure that the cloud indeed maintains their data correctly. The most significant work among these studies are the PDP (provable data possession) model and POR (proof of retrievability) model, which were originally proposed for the single-server scenario by Ateniese et al. and Juels and Kaliski, respectively.considering that files are usually striped and redundantly stored across multi-servers or multiclouds,explore integrity verification schemes suitable for such multi-servers or multi-clouds setting with different redundancy schemes, such as replication, erasure codes, and,more recently, regenerating codes. In this paper, we focus on the integrity verification problem in regenerating-code-based cloud storage, especially with the functional repair strategy. CPOR scheme (private version in to the regenerating code-scenario; designed and implemented a data integrity protection (DIP) scheme for FMSR -based cloud storage and the scheme is adapted to the thin-cloud setting.1 However, both of them are designed for private audit, only the data owner is allowed to verify the integrity and repair the faulty servers. Considering the large size of the outsourced data and the user s constrained resource capability, the tasks of auditing and reparation in the cloud can be formidable and expensive for the users. The overhead of using cloud storage should be minimized as much as possible such that a user does notneed IJIRCCE 199

2 to perform too many operations to their outsourced data (in additional to retrieving it). In particular, users may not want to go through the complexity in verifying and reparation. The auditing schemes in [7] and [8] imply the problem that users need to always stay online, which may impede its adoption in practice, especially for long-term archival storage. To fully ensure the data integrity and save the users computation resources as well as online burden, we propose a public auditing scheme for the regenerating-code-based cloud storage, in which the integrity checking and regeneration(of failed data blocks and authenticators) are implemented by a third-party auditor and a semi-trusted proxy separately on behalf of the data owner. Instead of directly adapting the existing public auditing scheme [12] to the multi-server setting, we design a novel authenticator, which is more appropriate for regenerating codes. Besides, we encrypt the coefficients to protect data privacy against the auditor, which is more lightweight than applying the proof blind technique in and and data blind method in. Several challenges and threats spontaneously arise in our new system model with a proxy (Section II-C), and security analysis shows that our scheme works well with these problems. Specifically,our contribution can be summarized by the following aspects: We design a novel homomorphic authenticator based on BLS signature [17], which can be generated couple of secret keys and verified publicly. Utilizing the linear subspace of the regenerating codes, the authenticators can be computed efficiently. Besides, it can be adapted for data owners equipped with low end computation devices (e.g. Tablet PC etc.) in which they only need to sign thenative blocks. To the best of our knowledge, our scheme is the first to allow privacy-preserving public auditing for regeneratingcode-based cloud storage. The coefficients are masked by a PRF (Pseudorandom Function) during the Setup phase to avoid leakage of the original data. This method is lightweight and does not introduce any computational overhead to the cloud servers or TPA. Our scheme completely releases data owners from online burden for the regeneration of blocks and authenticatorsat faulty servers and it provides the privilege to a proxy for the reparation. Optimization measures are taken to improve the flexibility and efficiency of our auditing scheme; thus, the storage overhead of servers, the computational overhead of the data owner and communication overhead during the audit phase can be effectively reduced. II. CLOUD COMPUTING Cloud computing is online service to provide resources as service on demand when needed by users through internet that can be leased and released with least management effort and human intervention with service providers. A. RESOURCES OF CLOUD COMPUTING Client, Server, Platforms, Software, Infrastructure are the resources of cloud computing. B. DEPLOYMENT MODEL Cloud computing is a style of computing in which business processes, application,data,and any type of IT Resource can be provided as a service to users. The different types of deployment models are as follows. C.PUBLIC CLOUD The Public cloud is based on main stream and we can say cloud resources are shared outside and there are no restrictions anyone can use it. It is also called external cloud. A cloud in which computing infrastructure is hosted by cloud vendors at the vendor s premises. It offers services to general public on pay-as-you-go basis. PRIVATE CLOUD The private cloud is that there is limited number of resources to use for people and it is used in any organization. It is also called as internal cloud. A private cloud has dedicated infrastructure to particular organization in which scalable resources provided by cloud vendor pool together and available to cloud users to share and exploit. Private cloud is of two types: On-Premises hosted within organization own facility and External hosted-used by one organization but hosted by third party. A private cloud drives efficiency while retaining control and greater customization. HYBRID CLOUD The hybrid cloud is combination of private and public cloud that interoperates. Hybrid cloud is a collection of public and private cloud. Hybrid cloud is like a private cloud linked to one or more services. IJIRCCE 200

3 COMMUNITY CLOUD The community cloud is a different type of cloud more than one community shares a cloud to share and reduce the cost of computing system. C. SERVICE MODEL A service model is the way of providing services from the cloud. It provides service to customer to use the hardware resources, get platform to build software and use installed software applications. There are three service models in cloud computing. INFRASTRUCTURE AS A SERVICE Is a way of delivering cloud computing infrastructure that enables user to share hardware resources for executing services using virtualization technology. Its major objective is to make resources like servers, storage and networks more expeditiously accessible by applications and operating systems. Example of Infrastructure as a service Amazon S3, GoGrid. PLATFORM AS A SERVICE Platform as a service refers to the delivery of computing platform and solution stack as a service without software installation or downloads for IT managers, developers or end users. In this model user does not manage the infrastructure but controls deployed applications possibly their configurations. Example of platform as a service Google Apps Engine. SOFTWARE AS A SERVICE Software as a service is a process in which Applications Service Provider offer distinct software applications over the internet without installing and operating on user s computer. Example of software as a service Google Apps. III. PRELIMINARIES AND PROBLEM STATEMENT A. NOTATIONS AND PRELIMINARIES: Regenerating Codes: Regenerating codes are first introduced by Dimakis et al. [18] for distributed storage to reduce the repair bandwidth. Viewing cloud storage to be a collection of n storage servers, data file F is encoded and stored redundantly across these servers. Then F can be retrieved by connecting to any k-out-of-n servers, which is termed the MDS2-property. When data corruption at a server is detected, the client will contact _ healthy servers and download β_ bits from each server, thus regenerating the corrupted blocks without recovering the entire original file. Dimakis et al. [18] showed that the repair bandwidth γ _ = _β_ can be significantly reduced with _ k.furthermore, they analyzed the fundamental tradeoff between the storage cost α_ and the repair bandwidth γ_, then presented two extreme and practically relevant points on the optimal tradeoff curve: the minimum bandwidth regenerating (MBR) point, which represents the operating point with the least possible repair bandwidth, and the minimum storage regenerating (MSR) point, which corresponds to the least possible storage cost on the servers. Existing remote checking methods for regenerating-coded data only provide private auditing, requiring data owners to always stay online and handle auditing, as well as repairing,which is sometimes impractical.the large size of the outsourced data andthe user s constrained resource capability, the tasks of auditing and reparation in the cloud can be formidable and expensivewe consider the auditing system model for the users. IV. EXISTING MODEL Existing remote checking methods for regenerating-coded data only provide private auditing, requiring data owners to always stay online and handle auditing, as well as repairing,which is sometimes impractical.the large size of the outsourced data andthe user s constrained resource capability, the tasks of auditing and reparation in the cloud can be formidable and expensivewe consider the auditing system model for the users. Regenerating Code-based cloud storage as which involves fourentities: the data owner, who owns large amounts of data files to be stored in the cloud; the cloud, which are managed by the cloud service provider, provide storage service and have significant computational resources; the third party auditor (TPA), who has expertise and capabilities to conduct public audits on the coded data IJIRCCE 201

4 in the cloud, the TPA is trusted and its audit result is unbiased for both data owners and cloud servers; and a proxy agent, who is semi-trusted and acts on behalf of the data owner to regenerate authenticators and data blocks on the failed servers during the repair procedure. Notice that the data owner is restricted in computational and storage resources compared to other entities and may becomes off-line even after the data upload procedure. The proxy, who would always be online, is supposed to be much more powerful than the data owner but less than the cloud servers in terms of computation and memory capacity. To save resources as well as the online burden potentially brought by the periodic auditing and accidental repairing, the data owners resort to the TPA for integrity verification and delegate the reparation to the proxy.compared with the traditional public auditing system model,our system model involves an additional proxy agent. In order to reveal the rationality of our design and make our following description in Section III to be more clear and concrete, we consider such a reference scenario: A company employs a commercial regeneratingcode-based public cloud and provides long-term archival storage service for its staffs, the staffs are equipped with low end computation devices (e.g., Laptop PC, Tablet PC, etc.) and will be frequently off-line. For public data auditing, the company relies on a trusted third party organization to check the data integrity; Similarly, to release the staffs from heavy online burden for data and authenticator regeneration, the company supply a powerful workstation (or cluster) as the proxy and provide proxy reparation service for the staffs data. V. IMPLEMENTATION In our proposed system Public Auditability to allow TPA to verify the intactness of the data in the cloud on demand without introducing additional online burden to the data owner. Our scheme is the first to allow privacypreserving public auditing for regenerating code- based cloud storage. The coefficients are masked by a PRF(Pseudorandom Function) during the Setup phase to avoid leakage of the original data.the proposed work involves implementation of a prototype private cloud setup with open-source cloud operating environment on Linux platform and measuring the performance of cloud by running the scientific applications. The study and evaluation of its performance of user codes in cloud platform with dynamic configuration of Infrastructure-as-service and in non-cloud hardware platform are done and results are analysed. To increase the utilization of resources and kernel based virtual machine is used to provide virtualization infrastructure. The nodes such as compute node and cloud controller node are installed and configured. The nodes are connected internally to open-stack dashboard with internal network. Client users who are ready to use the cloud service are connected through external network to controller node of the private cloud. VI. SCIENTIFIC APPLICATIONS Performance evaluation of private cloud is usually done based on different criteria set in accordance with application environment. In various studies related to cloud computing performance evaluation some criteria such as average waiting time, load balancing and number of requests, cost and throughput, workload, the rate of transactions, response time time of allocation and release of Resources, different scheduling algorithms, effectiveness, delays in service and productivity, the number of input and output operations in the network are considered. Cloud computing resources must be compatible, high performance and powerful with respect to compute-intensive scientific applications. High performance is one of the cloud advantages which makes an scientific organization to migrate to cloud computing. Hence, performance evaluation of private cloud considering applications as benchmarks are important and the same has been considered in our approach. EXAMPLE DESCRIPTION To make our contribution easier to follow, we briefly introduce our above scheme under the reference scenario in Section II-B: The staffs (i.e., cloud users) first generate their public and private keys, and then delegate the authenticator regeneration to a proxy (a cluster or powerful workstation provided by the company) by sharing partial private key. After producing encoded blocks and authenticators, the staffs upload and distribute them to the cloud servers. Since that the staffs will be frequently off-line, the company employs a trust third party (the TPA) to interact with the cloud and perform periodical verification on the staffs data blocks in a sampling mode. Once some data IJIRCCE 202

5 corruption is detected, the proxy is informed, it will act on behalf of the staffs to regenerate the data blocks as well as corresponding authenticators in a secure approach. So we could see that our scheme guarantees that the staffs can use the regenerating-code-based cloud in a practical and lightweight way, which completely releases the staffs from online burden for data auditing and reparation. ENABLING PRIVACY-PRESERVING AUDITABLE: The privacy protection of the owner s data can be easily achieved throughintegrating with the random proof blind technique [15] or other technique [9]. However, all these privacy-preservation methods introduce additional computation overhead to the auditor, who usually needs to audit for many clouds and a large number of data owners; thus, this could possibly make it create a performance bottleneck. Therefore, we prefer to present a novel method, which is more light-weight, to mitigate private data leakage to the auditor. Notice that in a regenerating-code-based cloud storage, data blocks stored at servers are coded as linear combinations of the original blocks. VII.CORRECTNESS There are two verification process in our scheme, one for spot checking during the Audit phase and another for block integrity checking during the Repair phase. THEOREM 1: Given a cloud server i storing data blocks I and accompanied authenticators i, TPA is able to correctly verify its possession of those data blocks during audit phase,and the proxy can correctly check the integrity of downloaded blocks during repair phase.b. Soundness Following from paper [12], we say that our auditing protocol is sound if any cheating server that convinces the verification algorithm that it is storing the coded blocks and corresponding coefficients is actually storing them.before proving the soundness, we will first show that the authenticator as Eq.(10) is unforgeable against malicious cloud servers (referred to as adversary in the following definition) under the random oracle model. Similar to the standard notion of security for a signature scheme. REACTOR ANALYSIS CODE Reactor analysis code for reactor assembly is selected as one of applications to be tested because the code has been extensively used for the shielding design of power reactors with a good reliability. It can solve the neutron, gamma (or) coupled neutron/gamma transport problems in a two dimensional geometry. VIII. RESULT ANALYSIS In the experimental private cloud system built using Infrastructure-as-a-service model with cloud operating environment, the above referred scientific applications were run on virtual machines dynamically provisioned by the cloud infrastructure. The performance in terms of execution times of reactor shielding analysis code and molecular dynamic applications were measured in both cloud and non-cloud platforms. Fig.4. Execution Time of Cloud VM Vs Non-cloud Hardware IJIRCCE 203

6 Fig.5. Performance Analysis of Cloud and Non cloud Environment The graphs (Fig 4 & 5) show that the performance of these applications on virtualized cloud environment are almost comparable with the performance of the same on non-cloud hardware. IX. RELATED WORK The problem of remote data checking for integrity was first introduced in [26] and [27]. Then Ateniese et al. [2] andjuels and Kaliski [3] gave rise to the similar notions provable data possession (PDP) and proof of retrievability (POR), respectively. Ateniese et al. [2] proposed a formal definition of the PDP model for ensuring possession of files on untrusted storage, introduced the concept of RSA-based homomorphic tags and suggested randomly sampling a few blocks of the file. In their subsequent work [28], they proposed a dynamic version of the prior PDP scheme based on MAC, which allows very basic block operations with limited functionality but block insertions. Simultaneously, Erway et al. [29] gave a formal framework for dynamic PDP and provided the first fully dynamic solution to support provable updates to stored data using rank-based authenticated skit lists and RSA trees.to improve the efficiency of dynamic PDP, Wang et al. [30] proposed a new method which uses merkle hash tree to supportfully dynamic data. X. CONCLUSION Cloud computing is a growing technology as well as it has emerged as a modern computing Paradigm that providing IT infrastructure and can be used. To meet the continuously growing storage and processing requirements of today s scientific applications. The Open source Cloud platform is most important which provide an alternative to enduser for improved portability, flexibility, scalability and better performance using open-stack cloud operating environment. All open source software allows users to choose better services according to their requirement. The Scientific applications which are already running in non-cloud environment with the cluster machines can be migrated to. private cloud environment without much degradation in performance. XI. FUTURE ENHANCEMENT In Future we can implement this protocol using multi cloud or multi server.code implementation eliminates the encoding requirement of storage nodes (or cloud) during repair, while ensuring that the new set of stored chunks after each round of repair preserves the required fault tolerance. REFERENCES [1] M. Armbrust et al., Above the clouds: A Berkeley view of cloud computing, Dept. Elect. Eng. Comput. Sci., Univ. California, Berkeley, CA, USA, Tech. Rep. UCB/EECS , [2] G. Ateniese et al., Provable data possession at untrusted stores, in Proc. 14th ACM Conf. Comput. Commun. Secur. (CCS), New York, NY,USA, 2007, pp [3] A. Juels and B. S. Kaliski, Jr., PORs: Proofs of retrievability for large files, in Proc. 14th ACM Conf. Comput. Commun. Secur., 2007, pp IJIRCCE 204

7 [4] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, MR-PDP: Multiple-replica provable data possession, in Proc. 28th Int. Conf. Distrib. Comput. Syst. (ICDCS), Jun. 2008, pp [5] K. D. Bowers, A. Juels, and A. Oprea, HAIL: A high-availability and integrity layer for cloud storage, in Proc. 16th ACM Conf. Comput. Commun. Secur., 2009, pp [6] J. He, Y. Zhang, G. Huang, Y. Shi, and J. Cao, Distributed data possession checking for securing multiple replicas i geographicallydispersed clouds, J. Comput. Syst. Sci., vol. 78, no. 5, pp ,2012. [7] B. Chen, R. Curtmola, G. Ateniese, and R. Burns, Remote data checking for network coding-based distributed storage systems, in Proc. ACM Workshop Cloud Comput. Secur. Workshop, 2010, pp [8] H. C. H. Chen and P. P. C. Lee, Enabling data integrity protection in regenerating-coding-based cloud storage: Theory and implementation, IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp , Feb [9] K. Yang and X. Jia, An efficient and secure dynamic auditing protocol for data storage in cloud computing, IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 9, pp , Sep [10] Y. Zhu, H. Hu, G.-J. Ahn, and M. Yu, Cooperative provable data possession for integrity verification in multicloud storage, IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 12, pp , Dec [11] A. G. Dimakis, K. Ramchandran, Y. Wu, and C. Suh, A survey on network codes for distributed storage, Proc. IEEE, vol. 99, no. 3, pp , Mar [12] H. Shacham and B. Waters, Compact proofs of retrievability, in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2008, pp [13] Y. Hu, H. C. H. Chen, P. P. C. Lee, and Y. Tang, NCCloud: Applying network coding for the storage repair in a cloud-of-clouds,. [14] C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-preserving public auditing for data storage security in cloud computing, in Proc. IEEE INFOCOM, Mar. 2010, pp [15] C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou, Privacy-preserving public auditing for secure cloud storage, IEEE Trans. Comput., vol. 62, no. 2, pp , Feb Springer-Verlag, 2006, pp [26] Y. Deswarte, J.-J. Quisquater, and A. Saïdane, Remote integrity checking, in Integrity and Internal Control in Information Systems VI. Berlin, Germany: Springer-Verlag, 2004, pp [27] D. L. G. Filho and P. S. L. M. Barreto, Demonstrating data possession and uncheatable data transfer, Cryptology eprint Archive, Tech. Rep. 2006/150, [Online]. Available: IJIRCCE 205